Multiple Greeting Card Scams

We did get reports about a couple of greeting card scams. They use different
domains (bluemountain.com, 123greetings.com). It is important to note that
these scams use different domains. If you include greeting card scams in your
awareness training, make sure to point out that they may use less known domain
names as well.

Netscape 8.01

Yesterday's diary pointed out the release of Netscape 8.0. Well, today AOL
released a security update (version 8.01). Please make sure you download it.
While initial reports of >40 bugs turned out to be inflated, there are still a few issues (about 3-5) that are fixed in 8.01.

MSFT Time Server

We have one report and some personal observations that the default Microsoft time server (time.windows.com) is having problems. If you are using this time server (it is the default time server for Windows XP installs), make sure you are still able to connect, or let us know if you see any error messages.

Sober deadline for next monday

The version of Sober responsible for last weeks outbreak of German spam is said to trigger some as of now unknown payload on Monday, May 23rd. If you know what it will do, let us know. The messages are believed to relate to this weekends
elections in one of Germany's larger states.

Pharming

Pharming: Does it exist? We do get ongoing requests for statistics about actual "Pharming Attacks". So far, the response has been easy: "None". While the DNS cache poisoning attack from a few months ago has been called "pharming" by some, it wasn't according to our definition of the term, as it did not attempt to spoof a bank site to obtain passwords. However, pharming is a rather new term, and like other new terms it may stretch itself until it finds a purpose.

-------------

Johannes Ullrich

jullrich@';drop table email;'sans.org'

SANS Institute